
Is the ObamaCare Website a Massive HIPAA Violation?

The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was enacted on August 21, 1996, as an attempt to incrementally reform the healthcare system. The goal was to simplify and streamline the burdens of healthcare.

The original law had four key components:

• Insurance market reforms to limit exclusions for pre-existing conditions and to guarantee the renewal of group and individual insurance

This law was sold mainly to ensure portability of healthcare plans, but as with all massive federal legislation, it blossomed into much more. The main emphasis when the bureaucrats began writing regulations was on the privacy of individuals’ health records and on electronic records. It included heavy fines and jail terms for violations of individuals’ privacy. It applied to providers, insurance companies and governments that pay for healthcare services (Medicare and Medicaid, for example).

The first civil money penalty was imposed on Cignet Health of Prince George’s County, MD. Cignet was fined $4.3 million for its HIPAA violation. An example of a government getting fined is the Alaska Department of Health and Human Services (DHHS). It agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential HIPAA violations. Alaska also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information. Over the course of the investigation it was found that DHHS did not have adequate policies and procedures in place to safeguard electronic protected health information (ePHI). Further, DHHS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.

Under HIPAA, if you host health information, you must have certain administrative, physical and technical safeguards in place. Technical safeguards require access control so that only authorized persons can access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption. Network, or transmission, security is the last technical safeguard required of HIPAA-compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether by email, over the Internet, or even over a private network, such as a private cloud.

A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.

So this begs the question. If there was ever a violation of HIPAA, it is the ObamaCare website. We have learned that the website design was lacking any serious security design. And since this website has so many connecting fingers (NSA, IRS, HHS, etc.), will individuals’ PHI really be protected? Physicians, hospitals and insurance companies are held to strict standards when it comes to individuals’ health information. Why shouldn’t the President, HHS and all involved be held to the same standard? It appears to me that this website is serious enough to elicit the maximum fine and maximum jail sentence, but for whom? I’m thinking the President.
